Qantas is embedding secure-by-design practices throughout the group – Safety

Qantas is tackling a broad vary of cyber safety actions this monetary 12 months, together with embedding secure-by-design practices throughout the group and automating “key cyber functionality”.

The aviation group outlined a considerably expanded physique of cyber safety work in its 2024 sustainability report [pdf] in comparison with earlier years.

Within the earlier two years, cyber security tradition, consciousness and training-related exercise dominated its disclosures, with solely scant point out of course of and technology-related investments.

Its newest sustainability report continues with that theme, pointing to phishing simulations and bespoke coaching applications being supplied to the airline’s workers.

Nonetheless, it additionally factors to plenty of “persevering with” actions from FY24 – which ended June 30 – into FY25 that present a extra expansive view of its cyber security-related exercise and investments.

These actions embody an “uplift” of third and fourth-party cyber danger governance processes.

“Third- and fourth-party cyber danger entails managing cyber dangers from our direct suppliers (third events) and their suppliers (fourth events), who can have an effect on our provide chain straight or not directly via cyber incidents,” it stated in footnotes.

Like different major enterprises such as NAB, Qantas can be backing secure-by-design methodologies, with it earmarking FY25 for the continuation of growth work round “secure-by-design practices and steerage”, and work to “embed this throughout the group”.

As well as, Qantas stated it could use the following monetary 12 months to “improve inner and exterior safety testing functionality”; to “accomplice carefully with aviation trade friends together with the federal authorities to boost cyber resilience for the sector”; and to help “steady enchancment via better automation of key cyber functionality together with leveraging new applied sciences together with generative AI.”

App error

Qantas additionally stated it had realized from a privateness incident again in Could when its app malfunctioned and displayed other people’s data.

The airline stated that its app “skilled two brief durations of anomalous behaviour” on Could 1, “attributable to a change to the expertise setting.”

“Qantas voluntarily disclosed this occasion to the Australian privateness regulator and contacted impacted prospects,” it stated.

“Learnings from this occasion have been used to enhance our expertise and privateness posture.”

The airline added that, extra broadly, it’s analysing and making use of classes from different “high-profile breaches and cyber incidents that affect[ed] Australian and international firms” in a bid “to enhance [its] resilience capabilities.”